OpenStack Compute (nova)

Incoherent use of is_public creates havoc when using euca-describe-images

Bug #747855 reported by Tom vN on 2011-04-01

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Compute (nova)	Fix Released	High	Vish Ishaya	OpenStack Compute (nova) 2011.2 "cactus"

Bug Description

Glance Rev 100 and Nova Rev 930

I upload images via Nova API to Glance:
nova-manage image all_register ami-tty/image aki-tty/image ari-tty/image admin "ttylinux"
which returns:
machine {'is_public': True, 'properties': {'image_location': 'local', 'image_state': 'available', 'architecture': 'x86_64', 'is_public': True, 'type': 'machine', 'owner_id': 'admin'}, 'disk_format': 'ami', 'name': 'ttylinux', 'container_format': 'ami'}

A glance details then shows all images uploaded with "Public: Yes".
Based on the return from nova-manage I would also expect to see a "Property 'is_public': True" however this is not present.

I now run an euca-describe-images as admin user and all the images are displayed as private.

I change my user to a non-admin user named testuser1 running under project test1 and run an euca-describe-images and it returns:
UnknownError: An unknown error has occurred. Please try your request again.

The Nova API debug output is as follows:
2011-04-02 00:00:12,134 ERROR nova.api [Q-I2YGJ4DUHY42BK-52S testuser1 test1] Unexpected error raised: 'is_public'
(nova.api): TRACE: Traceback (most recent call last):
(nova.api): TRACE: File "/opt/nova/nova/api/ec2/__init__.py", line 321, in __call__
(nova.api): TRACE: result = api_request.invoke(context)
(nova.api): TRACE: File "/opt/nova/nova/api/ec2/apirequest.py", line 150, in invoke
(nova.api): TRACE: result = method(context, **args)
(nova.api): TRACE: File "/opt/nova/nova/api/ec2/cloud.py", line 919, in describe_images
(nova.api): TRACE: images = self.image_service.detail(context)
(nova.api): TRACE: File "/opt/nova/nova/image/s3.py", line 79, in detail
(nova.api): TRACE: return self._filter(context, images)
(nova.api): TRACE: File "/opt/nova/nova/image/s3.py", line 91, in _filter
(nova.api): TRACE: if not cls._is_visible(context, image):
(nova.api): TRACE: File "/opt/nova/nova/image/s3.py", line 85, in _is_visible
(nova.api): TRACE: or image['properties']['is_public'] == 'True')
(nova.api): TRACE: KeyError: 'is_public'

See original description

Related branches

lp:~vishvananda/nova/fix-describe-images

Merged into lp:~hudson-openstack/nova/trunk at revision 961

Rick Harris (community): Approve on 2011-04-06

Brian Lamar (community): Needs Information on 2011-04-06

Devin Carlen (community): Approve on 2011-03-31

termie (community): Needs Fixing on 2011-03-30

Tom vN (tomvn) on 2011-04-02

description:

updated

Revision history for this message

Thierry Carrez (ttx) wrote on 2011-04-04:

Could you post the contents of your nova.conf file, and in particular the value of the --image_service flag, if any ?

Changed in nova:
status:	New → Incomplete

Revision history for this message

Tom vN (tomvn) wrote on 2011-04-04:

Sure thing
nova.conf on the nova-api host:

--dhcpbridge_flagfile=/opt/nova/bin/nova.conf
--network_manager=nova.network.manager.FlatDHCPManager
--sql_connection=mysql://root:nova@192.168.122.10/nova
--auth_driver=nova.auth.dbdriver.DbDriver
--libvirt_type=qemu
--rabbit_host=192.168.122.10
--timeout_nbd=30
--ec2_host=192.168.122.10
--ec2_dmz_host=10.0.0.10
--osapi_host=192.168.122.10
--dhcpbridge_flagfile=/opt/nova/bin/nova.conf
--dhcpbridge=/opt/nova/bin/nova-dhcpbridge
--flat_interface=eth1
--flat_injected=False
--fixed_range=10.0.0.0/24
--public_interface=eth0
--glance_host=192.168.122.14
--image_service=nova.image.glance.GlanceImageService

Glance uses an unaltered copy of the glance.conf.sample in the bzr tree.

Revision history for this message

Thierry Carrez (ttx) wrote on 2011-04-05:

The issues described here are actually caused by multiple bugs in the way we use is_public in image metadata:

* bin/nova-manage:900 : nova-manage image all_register sets is_public twice (in the main metadata dict and in the properties subdict)

* nova/image/service.py:169 GlanceImageService "create" flattens the metadata dict, and since is_public is a recognized as a BASE_IMAGE_ATTRS, it doesn't store it under the properties subdict

* nova/api/ec2/cloud.py:905 : EC2 describe_images looks for (properties.get(is_public) = True), doesn't find it, so returns (None == True), which is False

* nova/image/s3.py:85 : To determine visibility to non-admins, S3 image detail looks for image['properties']['is_public'] == 'True' , which bombs out if properties['is_public'] is not set

Changed in nova:
importance:	Undecided → High
status:	Incomplete → Triaged
summary:	- euca-describe-images shows all glance images as Private + Incoherent use of is_public creates havoc when using euca-describe- + images

Revision history for this message

Vish Ishaya (vishvananda) wrote on 2011-04-05:

The branch here:

https://code.launchpad.net/~vishvananda/nova/fix-describe-images/+merge/55617

fixes the bomb out on is_public. Perhaps we should default to true if it is not set?

Revision history for this message

Vish Ishaya (vishvananda) wrote on 2011-04-05:

Ok there were quite a few discrepencies between glance service and s3 service. I've attempted to fix them to use the same code in the above branch.

Changed in nova:
assignee:	nobody → Vish Ishaya (vishvananda)

Thierry Carrez (ttx) on 2011-04-06

Changed in nova:
status:	Triaged → In Progress

Thierry Carrez (ttx) on 2011-04-08

Changed in nova:
status:	In Progress → Fix Committed

Thierry Carrez (ttx) on 2011-04-15

Changed in nova:
milestone:	none → 2011.2
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.